4 Web层技术.pptVIP

第 * 页 共 117 页 数据库定义 Create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key(user_name, role_name) ); 第 * 页 共 117 页 Web程序的验证和登录方式 Web容器实现用户验证: HTTP 基本验证 (Basic authentication) 基于表单验证 (Form-based authentication) 客户凭证验证 (Client-certificate authentication) 摘要验证 (Digest authentication) Web程序本身实现验证方式: Web程序表单验证 程序性安全机制 第 * 页 共 117 页 基本验证方式 security-constraint display-nameSecurity For Basic Login/display-name web-resource-collection web-resource-nameBasicLogin/web-resource-name descriptionMap to Basic Login Page/description url-pattern/control/signin_ba/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint descriptionno description/description role-namemanager/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint 第 * 页 共 117 页 Defined in Web.xml login-config auth-methodBASIC/auth-method realm-namedefault/realm-name /login-config 第 * 页 共 117 页 表单验证方式 login-config auth-methodFORM/auth-method realm-namedefault/realm-name form-login-config form-login/jsp/signin_cfb.jsp/form-login form-error/control/error/form-error /form-login-config /login-config 第 * 页 共 117 页 登录表单 center font size=2Container Form-Based Login/font form method=POST action=%= response.encodeURL(j_security_check) % table border=0 cellspacing=5 tr th align=rightUsername:/th td align=leftinput type=text name=j_username value=tomcat/td /tr tr th align=rightPassword:/th td align=leftinput type=password name=j_password value=sqe/td /tr…… /table /center /form 第 * 页 共 117 页 Custom Tag的概念和特点 Custom Tag由用户自己定义并可被其他JSP